The SOPA and PIPA Kerfluffle

Much of the internet seems to be up in arms over the potential for a new piece of legislation designed to help US law enforcement authorities fight online piracy. In protest of this potential legislation, some sites (Wikepedia) went completely dark yesterday, and some (Google) demonstrated conspicuous concerns over the prospect of censorship by the government (with the Google logo obscured by a big black box). So what is all of the fuss about, and should we who are concerned about virtualization and cloud computing care?

First we have to take a look at where this is coming from. We have to ask the question as to who wants this to happen and why. The answer to that question is that this is primarily coming from the Motion Picture Association of America (the MPAA) who is very concerned about protecting the intellectual property rights of its members (the big Hollywood studios that produce movies), and stopping the online piracy of those movies. US law enforcement authorities already have the tools needed to shut down sites residing here in the US that engage in commercial online piracy or distribution of pirated content. What SOPA and PIPA are about is putting additional tools in the hands of those authorities that effectively would allow them to shut down those sites or deprive them of revenue no matter where they are in the world.

So is Shutting Down Global Movie Piracy Sites a Good Thing?

There are some who believe that “all content wants to be free”, and that any content no matter who produced it and how much it cost to produce should be freely shareable online. There are even people who believe that they can copy and paste content from sites like this, and paste  in on their own sites to drive their own revenue. Needless to say, anyone who spends money to produce valuable content (like we do) has a problem with this point of view. Certainly the Internet and the web are about anyone being allowed to share what they own if they want to, and for others to access that if they want to, but the promise of the free and open web, and free speech on the web never extended to the right to steal someone else’s IP or content and give it away.

From this perspective stopping large scale commercial online piracy is a good thing. We cannot expect people to spend (in the case of movies) hundreds of millions of dollars to produce something if they will then be subject to having their work stolen on a large scale basis. At a much smaller level, we here at TVP only exist because people come here to consume our content instead of being able to get it everywhere else.

So What is the Problem?

So if shutting down large scale overseas commercial piracy is on balance a good thing as it rewards content creators and protects their intellectual property rights, why is there such an outcry from legitimate businesses like Google and Facebook? The answer has to do with the law of unintended consequences (the author’s favorite law) and how SOPA and PIPA would be implemented (note that SOPA and PIPA must be merged into one bill which is a process that has not started yet, and the content of the final bill if it were to get passed and signed into law is not known at this time).

What concerns many legitimate businesses is that what SOPA and PIPA “might” do is hold a web site or an ISP liable for the presence of illegitimate content on their site. Current law creates a safe harbor for ISP’s and sites which says that as long as the ISP or site takes down the illegitimate content once notified, then the ISP or site is not responsible for or liable for the presence of the pirated content uploaded by users on their site or in their networks.

When you combine this concern with the enforcement mechanisms in SOPA and PIPA you get to the real issue. Because the enforcement mechanisms include the ability of law enforcement to make a site inaccessible to users, and to make it a crime to do business with that site (depriving it of revenue) if that site is found to be in violation of SOPA or PIPA. Now this leads to some very serious potential problems:

  • Someone creates a public folder on their Dropbox. They put a pirated movie on that folder, and post the link to it on various sites on the Internet. As opposed to just going after the user of Dropbox who did this, law enforcement can now effectively shut down all of Dropbox.
  • Someone uploads a pirated movie to YouTube. Law enforcement goes after YouTube (Google) and effectively shuts down YouTube. You can kind of understand why Google might be upset about this.
  • Same scenario for Facebook. Someone uploads some pirated content (maybe just a copy and paste of an entire New York times online article) as a post on their page. As opposed to the user being told to take it down, law enforcement goes after Facebook, and can actually shut it down.
  • This applies to any an all web sites like this one that accept comments. We happen to moderate comments and read them before we approve them and delete the ones that we do not approve of. But we have no way of knowing whether or not someone wrote what is in their comment or copied and pasted it from another web site where the content is copyrighted.
  • Another scenario is to use SOPA and PIPA as part of a hack, to shutdown legitimate sites. If a site is hacked, a link or redirect to pirated content is added, then that site can also be shutdown.  In effect, using the Law against legitimate sites will become the new denial of service attack.

It’s not the Goal it the Method

In summary, most people would agree that if you expect people to create content that takes time and money to create, that you should not expect them to just let their content be stolen, copied and distributed in a broad scale way with no compensation to the content creator. Content creators from movie studios to this web site would not be in business if this were the norm. It is also true that online piracy is a real problem in certain overseas locations, where local authorities turn a blind eye to this form of theft and that this costs us money and jobs back here in the USA.

However, like so many things that the MPAA has tried to do and has done over the years (for example requiring the entire consumer electronics, PC and monitor industries to move from a perfectly acceptable interface like VGA/DSUB to HDMI), this approach is heavy handed, overkill, and carries with it the virtual certainty of the kinds of horrible unintended consequences detailed above. The biggest problem here is that the MPAA is a major lobbying organization in Washington DC, it is run by a former US senator (Chris Dodd), and politicians are being paid off with campaign contributions – while not really knowing what problems they are creating in the process.

Should “we” who care about Virtualization and Cloud Computing Care?

Well maybe. Here is a scenario. You put up a private cloud that allows people to get a “service” that consists of a web server and a back end database. A person in your company decides to order up a couple of web servers to host content contributed by your employees, but for some reason someone does not get the security right (cannot imagine how that would happen). Now it turns out that people who are not your employees can upload content to this site and someone uploads a pirated movie. Under a strict and unreasonable interpretation of SOPA as currently written, US law enforcement could demand that ISP’s block that site (and your entire company’s domain) for this one transgression.

Think about hybrid clouds for a moment. Imagine that your company builds a hybrid cloud that consists of a portion of your data center and a portion of a data center belonging to a public cloud vendor. Now some pirated content shows up in a published form somewhere in that private cloud. SOPA and PIPA as currently written would potentially subject both your domain and the domain of the public cloud provider to access restrictions which really amount to a shut down of the domains.

On the cloud services front, Dropbox, Facebook, Linkedin, and many sites that we rely upon rely themselves upon user contributed content. These sites could all be easily shut down, simply if one user crossed the line. The burden of forcing these sites to check the copyrights on every piece of content that is posted on them is simply unreasonable, and it could kill cloud computing.

So, yes we should care. These bills if implemented with overly broad definitions of the problem they are trying to solve, and overly broad enforcement powers could kill the greatest productivity engine in the world economy. That engine is how IT agility, Agile Development, Business Agility, virtualization, and cloud computing are combining to reinvent the cost/benefit curve for computing.

Is a Sane Solution Possible?

The short answer is yes. The answer is to dramatically narrow the scope and set of enforcement actions for SOPA and PIPA so that they target just offshore sites engaged in large scale commercial piracy and so that the existing safe harbor for sites that take content from users is both maintained and formally recognized as an exception to the scope of SOPA and PIPA. This will ensure that law enforcement can go after the really bad actors, and that the many good and useful sites and are the basis of the “good Internet” are not collateral damage in these enforcement efforts.

Posted in Data Protection, End User Computing, IT as a Service, SDDC & Hybrid Cloud, Security, Transformation & AgilityTagged , , , ,